how does scribefire or deepest sender circumvent same origin policy restriction?

174 views Asked by At

This is in reference to the question asked at Create a Wordpress post with xmlrpc and jQuery . I'm trying to do something similar and I'm stuck with the SOP restriction.

If the same origin policy is implemented in firefox, how to extensions like scribefire or deepest sender manage to communicate with blogs in other domains? Please clarify this for me as it would be most helpful for my project.

1

There are 1 answers

0
nmaier On BEST ANSWER

Firefox extensions run with "chrome" (process) privileges, and are not bound to the same origin policy at all. Only web content is.

If you want to perform cross domain access with only "content" privileges, i.e. from a regular website, not an extension, you need to implement special access controls. Or course, you can only implement the access controls for your own sites.